summaryrefslogtreecommitdiff
path: root/bkucommon/src/main/java/at
diff options
context:
space:
mode:
Diffstat (limited to 'bkucommon/src/main/java/at')
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateCMSSignatureCommandImpl.java452
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java702
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java118
3 files changed, 638 insertions, 634 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateCMSSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateCMSSignatureCommandImpl.java
index 93e0eee8..6c5125aa 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateCMSSignatureCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateCMSSignatureCommandImpl.java
@@ -1,226 +1,226 @@
-/*
- * Copyright 2013 by Graz University of Technology, Austria
- * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint
- * initiative of the Federal Chancellery Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egiz.bku.slcommands.impl;
-
-import iaik.cms.CMSException;
-import iaik.cms.CMSSignatureException;
-
-import java.security.InvalidParameterException;
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.Date;
-import java.util.List;
-
-import org.apache.commons.configuration.Configuration;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import at.buergerkarte.namespaces.securitylayer._1_2_3.CreateCMSSignatureRequestType;
-import at.gv.egiz.bku.conf.MoccaConfigurationFacade;
-import at.gv.egiz.bku.slcommands.CreateCMSSignatureCommand;
-import at.gv.egiz.bku.slcommands.SLCommandContext;
-import at.gv.egiz.bku.slcommands.SLResult;
-import at.gv.egiz.bku.slcommands.impl.cms.Signature;
-import at.gv.egiz.bku.slexceptions.SLCommandException;
-import at.gv.egiz.bku.slexceptions.SLException;
-import at.gv.egiz.bku.slexceptions.SLRequestException;
-import at.gv.egiz.bku.slexceptions.SLViewerException;
-import at.gv.egiz.stal.InfoboxReadRequest;
-import at.gv.egiz.stal.STALRequest;
-
-/**
- * This class implements the security layer command
- * <code>CreateCMSSignatureRequest</code>.
- *
- * @author tkellner
- */
-public class CreateCMSSignatureCommandImpl extends
- SLCommandImpl<CreateCMSSignatureRequestType> implements
- CreateCMSSignatureCommand {
-
- /**
- * Logging facility.
- */
- private final Logger log = LoggerFactory.getLogger(CreateCMSSignatureCommandImpl.class);
-
- /**
- * The signing certificate.
- */
- protected X509Certificate signingCertificate;
-
- /**
- * The keybox identifier of the key used for signing.
- */
- protected String keyboxIdentifier;
-
- /**
- * The to-be signed signature.
- */
- protected Signature signature;
-
- /**
- * The configuration facade used to access the MOCCA configuration.
- */
- private ConfigurationFacade configurationFacade = new ConfigurationFacade();
-
- private class ConfigurationFacade implements MoccaConfigurationFacade {
- private Configuration configuration;
-
- public static final String USE_STRONG_HASH = "UseStrongHash";
-
- public void setConfiguration(Configuration configuration) {
- this.configuration = configuration;
- }
-
- public boolean getUseStrongHash() {
- return configuration.getBoolean(USE_STRONG_HASH, true);
- }
-}
-
- public void setConfiguration(Configuration configuration) {
- configurationFacade.setConfiguration(configuration);
- }
-
- @Override
- public void prepareCMSSignature(SLCommandContext commandContext) throws SLCommandException,
- SLRequestException {
-
- CreateCMSSignatureRequestType request = getRequestValue();
-
- try {
- if (request.isPAdESCompatibility())
- {
- //PAdES Compatibility Request
- signature = new Signature(request.getDataObject(), request.getStructure(),
- signingCertificate, commandContext.getURLDereferencer(),
- configurationFacade.getUseStrongHash());
-
- }
- else
- {
- // DataObject, SigningCertificate, SigningTime
-
- Date signingTime = request.isPAdESCompatibility() ? null : new Date();
- signature = new Signature(request.getDataObject() != null ? request.getDataObject()
- : request.getReferenceObject(), request.getStructure(), signingCertificate, signingTime,
- commandContext.getURLDereferencer(),
- configurationFacade.getUseStrongHash());
- }
- } catch (SLCommandException e) {
- log.error("Error creating CMS Signature.", e);
- throw e;
- } catch (InvalidParameterException e) {
- log.error("Error creating CMS Signature.", e);
- throw new SLCommandException(3004);
- } catch (Exception e) {
- log.error("Error creating CMS Signature.", e);
- throw new SLCommandException(4000);
- }
- }
-
- /**
- * Gets the signing certificate from STAL.
- * @param commandContext TODO
- *
- * @throws SLCommandException
- * if getting the singing certificate fails
- */
- private void getSigningCertificate(SLCommandContext commandContext) throws SLCommandException {
-
- CreateCMSSignatureRequestType request = getRequestValue();
- keyboxIdentifier = request.getKeyboxIdentifier();
-
- InfoboxReadRequest stalRequest = new InfoboxReadRequest();
- stalRequest.setInfoboxIdentifier(keyboxIdentifier);
-
- STALHelper stalHelper = new STALHelper(commandContext.getSTAL());
-
- stalHelper.transmitSTALRequest(Collections.singletonList((STALRequest) stalRequest));
- List<X509Certificate> certificates = stalHelper.getCertificatesFromResponses();
- if (certificates == null || certificates.size() != 1) {
- log.info("Got an unexpected number of certificates from STAL.");
- throw new SLCommandException(4000);
- }
- signingCertificate = certificates.get(0);
-
- }
-
- /**
- * Signs the signature.
- * @param commandContext TODO
- * @return the CMS signature
- * @throws SLCommandException
- * if signing the signature fails
- * @throws SLViewerException
- */
- private byte[] signCMSSignature(SLCommandContext commandContext) throws SLCommandException, SLViewerException {
-
- try {
- return signature.sign(commandContext.getSTAL(), keyboxIdentifier);
- } catch (CMSException e) {
- log.error("Error creating CMSSignature", e);
- throw new SLCommandException(4000);
- } catch (CMSSignatureException e) {
- log.error("Error creating CMSSignature", e);
- throw new SLCommandException(4000);
- }
- }
-
- @Override
- public SLResult execute(SLCommandContext commandContext) {
- try {
-
- // get certificate in order to select appropriate algorithms for hashing
- // and signing
- log.info("Requesting signing certificate.");
- getSigningCertificate(commandContext);
- if (log.isDebugEnabled()) {
- log.debug("Got signing certificate. {}", signingCertificate);
- } else {
- log.info("Got signing certificate.");
- }
-
- // prepare the CMSSignature for signing
- log.info("Preparing CMS signature.");
- prepareCMSSignature(commandContext);
-
- // sign the CMSSignature
- log.info("Signing CMS signature.");
- byte[] sig = signCMSSignature(commandContext);
- log.info("CMS signature signed.");
-
- return new CreateCMSSignatureResultImpl(sig);
-
- } catch (SLException e) {
- return new ErrorResultImpl(e, commandContext.getLocale());
- }
- }
-
- @Override
- public String getName() {
- return "CreateCMSSignatureRequest";
- }
-
-}
+/*
+ * Copyright 2013 by Graz University of Technology, Austria
+ * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint
+ * initiative of the Federal Chancellery Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egiz.bku.slcommands.impl;
+
+import iaik.cms.CMSException;
+import iaik.cms.CMSSignatureException;
+
+import java.security.InvalidParameterException;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Date;
+import java.util.List;
+
+import org.apache.commons.configuration.Configuration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.buergerkarte.namespaces.securitylayer._1_2_3.CreateCMSSignatureRequestType;
+import at.gv.egiz.bku.conf.MoccaConfigurationFacade;
+import at.gv.egiz.bku.slcommands.CreateCMSSignatureCommand;
+import at.gv.egiz.bku.slcommands.SLCommandContext;
+import at.gv.egiz.bku.slcommands.SLResult;
+import at.gv.egiz.bku.slcommands.impl.cms.Signature;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLException;
+import at.gv.egiz.bku.slexceptions.SLRequestException;
+import at.gv.egiz.bku.slexceptions.SLViewerException;
+import at.gv.egiz.stal.InfoboxReadRequest;
+import at.gv.egiz.stal.STALRequest;
+
+/**
+ * This class implements the security layer command
+ * <code>CreateCMSSignatureRequest</code>.
+ *
+ * @author tkellner
+ */
+public class CreateCMSSignatureCommandImpl extends
+ SLCommandImpl<CreateCMSSignatureRequestType> implements
+ CreateCMSSignatureCommand {
+
+ /**
+ * Logging facility.
+ */
+ protected final Logger log = LoggerFactory.getLogger(CreateCMSSignatureCommandImpl.class);
+
+ /**
+ * The signing certificate.
+ */
+ protected X509Certificate signingCertificate;
+
+ /**
+ * The keybox identifier of the key used for signing.
+ */
+ protected String keyboxIdentifier;
+
+ /**
+ * The to-be signed signature.
+ */
+ protected Signature signature;
+
+ /**
+ * The configuration facade used to access the MOCCA configuration.
+ */
+ protected ConfigurationFacade configurationFacade = new ConfigurationFacade();
+
+ protected class ConfigurationFacade implements MoccaConfigurationFacade {
+ protected Configuration configuration;
+
+ public static final String USE_STRONG_HASH = "UseStrongHash";
+
+ public void setConfiguration(Configuration configuration) {
+ this.configuration = configuration;
+ }
+
+ public boolean getUseStrongHash() {
+ return configuration.getBoolean(USE_STRONG_HASH, true);
+ }
+}
+
+ public void setConfiguration(Configuration configuration) {
+ configurationFacade.setConfiguration(configuration);
+ }
+
+ @Override
+ public void prepareCMSSignature(SLCommandContext commandContext) throws SLCommandException,
+ SLRequestException {
+
+ CreateCMSSignatureRequestType request = getRequestValue();
+
+ try {
+ if (request.isPAdESCompatibility())
+ {
+ //PAdES Compatibility Request
+ signature = new Signature(request.getDataObject(), request.getStructure(),
+ signingCertificate, commandContext.getURLDereferencer(),
+ configurationFacade.getUseStrongHash());
+
+ }
+ else
+ {
+ // DataObject, SigningCertificate, SigningTime
+
+ Date signingTime = request.isPAdESCompatibility() ? null : new Date();
+ signature = new Signature(request.getDataObject() != null ? request.getDataObject()
+ : request.getReferenceObject(), request.getStructure(), signingCertificate, signingTime,
+ commandContext.getURLDereferencer(),
+ configurationFacade.getUseStrongHash());
+ }
+ } catch (SLCommandException e) {
+ log.error("Error creating CMS Signature.", e);
+ throw e;
+ } catch (InvalidParameterException e) {
+ log.error("Error creating CMS Signature.", e);
+ throw new SLCommandException(3004);
+ } catch (Exception e) {
+ log.error("Error creating CMS Signature.", e);
+ throw new SLCommandException(4000);
+ }
+ }
+
+ /**
+ * Gets the signing certificate from STAL.
+ * @param commandContext TODO
+ *
+ * @throws SLCommandException
+ * if getting the singing certificate fails
+ */
+ protected void getSigningCertificate(SLCommandContext commandContext) throws SLCommandException {
+
+ CreateCMSSignatureRequestType request = getRequestValue();
+ keyboxIdentifier = request.getKeyboxIdentifier();
+
+ InfoboxReadRequest stalRequest = new InfoboxReadRequest();
+ stalRequest.setInfoboxIdentifier(keyboxIdentifier);
+
+ STALHelper stalHelper = new STALHelper(commandContext.getSTAL());
+
+ stalHelper.transmitSTALRequest(Collections.singletonList((STALRequest) stalRequest));
+ List<X509Certificate> certificates = stalHelper.getCertificatesFromResponses();
+ if (certificates == null || certificates.size() != 1) {
+ log.info("Got an unexpected number of certificates from STAL.");
+ throw new SLCommandException(4000);
+ }
+ signingCertificate = certificates.get(0);
+
+ }
+
+ /**
+ * Signs the signature.
+ * @param commandContext TODO
+ * @return the CMS signature
+ * @throws SLCommandException
+ * if signing the signature fails
+ * @throws SLViewerException
+ */
+ protected byte[] signCMSSignature(SLCommandContext commandContext) throws SLCommandException, SLViewerException {
+
+ try {
+ return signature.sign(commandContext.getSTAL(), keyboxIdentifier);
+ } catch (CMSException e) {
+ log.error("Error creating CMSSignature", e);
+ throw new SLCommandException(4000);
+ } catch (CMSSignatureException e) {
+ log.error("Error creating CMSSignature", e);
+ throw new SLCommandException(4000);
+ }
+ }
+
+ @Override
+ public SLResult execute(SLCommandContext commandContext) {
+ try {
+
+ // get certificate in order to select appropriate algorithms for hashing
+ // and signing
+ log.info("Requesting signing certificate.");
+ getSigningCertificate(commandContext);
+ if (log.isDebugEnabled()) {
+ log.debug("Got signing certificate. {}", signingCertificate);
+ } else {
+ log.info("Got signing certificate.");
+ }
+
+ // prepare the CMSSignature for signing
+ log.info("Preparing CMS signature.");
+ prepareCMSSignature(commandContext);
+
+ // sign the CMSSignature
+ log.info("Signing CMS signature.");
+ byte[] sig = signCMSSignature(commandContext);
+ log.info("CMS signature signed.");
+
+ return new CreateCMSSignatureResultImpl(sig);
+
+ } catch (SLException e) {
+ return new ErrorResultImpl(e, commandContext.getLocale());
+ }
+ }
+
+ @Override
+ public String getName() {
+ return "CreateCMSSignatureRequest";
+ }
+
+}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java
index 4a94ca7f..97cae9a2 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java
@@ -1,351 +1,351 @@
-/*
- * Copyright 2013 by Graz University of Technology, Austria
- * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint
- * initiative of the Federal Chancellery Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egiz.bku.slcommands.impl.cms;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.security.InvalidParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Date;
-import java.util.List;
-
-import javax.xml.crypto.dsig.DigestMethod;
-
-import org.apache.commons.lang.ArrayUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3._2000._09.xmldsig_.DigestMethodType;
-
-import at.buergerkarte.namespaces.securitylayer._1_2_3.CMSDataObjectOptionalMetaType;
-import at.buergerkarte.namespaces.securitylayer._1_2_3.CMSDataObjectRequiredMetaType;
-import at.buergerkarte.namespaces.securitylayer._1_2_3.DigestAndRefType;
-import at.buergerkarte.namespaces.securitylayer._1_2_3.ExcludedByteRangeType;
-import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory;
-import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactoryImpl;
-import at.gv.egiz.bku.slcommands.impl.xsect.STALSignatureException;
-import at.gv.egiz.bku.slexceptions.SLCommandException;
-import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
-import at.gv.egiz.stal.HashDataInput;
-import at.gv.egiz.stal.STAL;
-import iaik.asn1.ASN1Object;
-import iaik.asn1.CodingException;
-import iaik.asn1.ObjectID;
-import iaik.asn1.SEQUENCE;
-import iaik.asn1.UTF8String;
-import iaik.asn1.structures.AlgorithmID;
-import iaik.asn1.structures.Attribute;
-import iaik.asn1.structures.ChoiceOfTime;
-import iaik.cms.CMSException;
-import iaik.cms.CMSSignatureException;
-import iaik.cms.CertificateIdentifier;
-import iaik.cms.ContentInfo;
-import iaik.cms.IssuerAndSerialNumber;
-import iaik.cms.SignedData;
-import iaik.cms.SignerInfo;
-import iaik.smime.ess.ESSCertID;
-import iaik.smime.ess.ESSCertIDv2;
-import iaik.x509.X509ExtensionException;
-
-/**
- * This class represents a CMS-Signature as to be created by the
- * security layer command <code>CreateCMSSignatureRequest</code>.
- *
- * @author tkellner
- */
-public class Signature {
-
- public final static String ID_AA_ETS_MIMETYPE = "0.4.0.1733.2.1";
-
- /**
- * Logging facility.
- */
- private final Logger log = LoggerFactory.getLogger(Signature.class);
-
- protected SignedData signedData;
- protected SignerInfo signerInfo;
- protected byte[] signedDocument;
- protected String mimeType;
- protected AlgorithmID signatureAlgorithm;
- protected AlgorithmID digestAlgorithm;
- protected byte[] digestValue;
- protected String signatureAlgorithmURI;
- protected String digestAlgorithmURI;
- protected ExcludedByteRangeType excludedByteRange;
- private HashDataInput hashDataInput;
-
-
-public Signature(CMSDataObjectOptionalMetaType dataObject, String structure,
- X509Certificate signingCertificate, Date signingTime, URLDereferencer urlDereferencer,
- boolean useStrongHash)
- throws NoSuchAlgorithmException, CertificateEncodingException,
- CertificateException, X509ExtensionException, InvalidParameterException,
- CodingException, SLCommandException, IOException, CMSException {
- int mode = structure.equalsIgnoreCase("enveloping") ? SignedData.IMPLICIT : SignedData.EXPLICIT;
- if (dataObject.getContent() != null) {
- byte[] dataToBeSigned = getContent(dataObject, urlDereferencer);
- this.signedData = new SignedData(dataToBeSigned, mode);
- if (dataObject.getMetaInfo() != null) {
- this.mimeType = dataObject.getMetaInfo().getMimeType();
- }
-
- hashDataInput = new CMSHashDataInput(signedDocument, mimeType);
-
- } else {
- DigestAndRefType digestAndRef = dataObject.getDigestAndRef();
- DigestMethodType digestMethod = digestAndRef.getDigestMethod();
-
- hashDataInput = new ReferencedHashDataInput(dataObject.getMetaInfo().getMimeType(), urlDereferencer,
- digestAndRef.getReference(), dataObject.getExcludedByteRange());
-
- try {
- digestAlgorithm = getAlgorithmID(digestMethod.getAlgorithm());
- } catch (URISyntaxException e) {
- //TODO: choose proper execption
- throw new NoSuchAlgorithmException(e);
- }
- digestValue = digestAndRef.getDigestValue();
- this.signedData = new SignedData(ObjectID.pkcs7_data);
- }
- setAlgorithmIDs(signingCertificate, useStrongHash);
- createSignerInfo(signingCertificate);
- setSignerCertificate(signingCertificate);
- this.mimeType = dataObject.getMetaInfo().getMimeType();
-
- setAttributes(this.mimeType, signingCertificate, signingTime);
- }
-
- public Signature(CMSDataObjectRequiredMetaType dataObject, String structure,
- X509Certificate signingCertificate, URLDereferencer urlDereferencer,
- boolean useStrongHash)
- throws NoSuchAlgorithmException, CertificateEncodingException,
- CertificateException, X509ExtensionException, InvalidParameterException,
- CodingException, SLCommandException, IOException {
- byte[] dataToBeSigned = getContent(dataObject, urlDereferencer);
- int mode = structure.equalsIgnoreCase("enveloping") ? SignedData.IMPLICIT : SignedData.EXPLICIT;
- this.signedData = new SignedData(dataToBeSigned, mode);
- setAlgorithmIDs(signingCertificate, useStrongHash);
- createSignerInfo(signingCertificate);
- setSignerCertificate(signingCertificate);
-
-
- setAttributes(signingCertificate);
- }
-
-
-
- private void createSignerInfo(X509Certificate signingCertificate) throws CertificateEncodingException, CertificateException {
- iaik.x509.X509Certificate sigcert =
- new iaik.x509.X509Certificate(signingCertificate.getEncoded());
- CertificateIdentifier signerIdentifier =
- new IssuerAndSerialNumber(sigcert);
- PrivateKey privateKey = new STALPrivateKey(signatureAlgorithmURI, digestAlgorithmURI);
- signerInfo = new SignerInfo(signerIdentifier, digestAlgorithm,
- signatureAlgorithm, privateKey);
- }
-
- private void setSignerCertificate(X509Certificate signingCertificate) {
- X509Certificate[] sigcerts = new X509Certificate[] { signingCertificate };
- signedData.addCertificates(sigcerts);
- }
-
- private void setAttributes(String mimeType, X509Certificate signingCertificate, Date signingTime) throws CertificateException, NoSuchAlgorithmException, CodingException {
- List<Attribute> attributes = new ArrayList<Attribute>();
- setMimeTypeAttrib(attributes, mimeType);
- setContentTypeAttrib(attributes);
- setSigningCertificateAttrib(attributes, signingCertificate);
- if (signingTime != null)
- setSigningTimeAttrib(attributes, signingTime);
- Attribute[] attributeArray = attributes.toArray(new Attribute[attributes.size()]);
- signerInfo.setSignedAttributes(attributeArray);
- }
-
- private void setAttributes(X509Certificate signingCertificate) throws CertificateException, NoSuchAlgorithmException, CodingException {
- List<Attribute> attributes = new ArrayList<Attribute>();
- setContentTypeAttrib(attributes);
- setSigningCertificateAttrib(attributes, signingCertificate);
- Attribute[] attributeArray = attributes.toArray(new Attribute[attributes.size()]);
- signerInfo.setSignedAttributes(attributeArray);
- }
-
-
-
- private void setMimeTypeAttrib(List<Attribute> attributes, String mimeType) {
- String oidStr = ID_AA_ETS_MIMETYPE;
- String name = "mime-type";
- ObjectID mimeTypeOID = new ObjectID(oidStr, name);
-
- Attribute mimeTypeAtt = new Attribute(mimeTypeOID, new ASN1Object[] {new UTF8String(mimeType)});
- attributes.add(mimeTypeAtt);
- }
-
- private void setContentTypeAttrib(List<Attribute> attributes) {
- Attribute contentType = new Attribute(ObjectID.contentType, new ASN1Object[] {ObjectID.cms_data});
- attributes.add(contentType);
- }
-
- private void setSigningCertificateAttrib(List<Attribute> attributes, X509Certificate signingCertificate) throws CertificateException, NoSuchAlgorithmException, CodingException {
- ObjectID id;
- ASN1Object value = new SEQUENCE();
- if (digestAlgorithm.equals(AlgorithmID.sha1)) {
- id = ObjectID.signingCertificate;
- value.addComponent(new ESSCertID(signingCertificate, true).toASN1Object());
- }
- else {
- id = ObjectID.signingCertificateV2;
- value.addComponent(new ESSCertIDv2(digestAlgorithm, signingCertificate, true).toASN1Object());
- }
- ASN1Object signingCert = new SEQUENCE();
- signingCert.addComponent(value);
- Attribute signingCertificateAttrib = new Attribute(id, new ASN1Object[] {signingCert});
- attributes.add(signingCertificateAttrib);
- }
-
- private void setSigningTimeAttrib(List<Attribute> attributes, Date date) {
- Attribute signingTime = new Attribute(ObjectID.signingTime, new ASN1Object[] {new ChoiceOfTime(date).toASN1Object()});
- attributes.add(signingTime);
- }
-
- private byte[] getContent(CMSDataObjectOptionalMetaType dataObject, URLDereferencer urlDereferencer)
- throws InvalidParameterException, SLCommandException, IOException {
- byte[] data = dataObject.getContent().getBase64Content();
- if (data == null) {
- String reference = dataObject.getContent().getReference();
- if (reference == null)
- throw new SLCommandException(4003);
- InputStream is = urlDereferencer.dereference(reference).getStream();
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- byte[] buffer = new byte[1024];
- for (int i = is.read(buffer); i > -1; i = is.read(buffer)) {
- baos.write(buffer, 0, i);
- }
- data = baos.toByteArray();
- is.close();
- }
- this.signedDocument = data.clone();
-
- this.excludedByteRange = dataObject.getExcludedByteRange();
- if (this.excludedByteRange == null)
- return data;
-
- int from = this.excludedByteRange.getFrom().intValue();
- int to = this.excludedByteRange.getTo().intValue();
- if (from > data.length || to > data.length || from > to)
- throw new InvalidParameterException("ExcludedByteRange contains invalid data: [" +
- from + "-" + to + "], Content length: " + data.length);
-
- // Fill ExcludedByteRange with 0s for document to display in viewer
- Arrays.fill(this.signedDocument, from, to+1, (byte)0);
-
- // Remove ExcludedByteRange from data to be signed
- byte[] first = null;
- byte[] second = null;
- if (from > 0)
- first = Arrays.copyOfRange(data, 0, from);
- if ((to + 1) < data.length)
- second = Arrays.copyOfRange(data, to + 1, data.length);
- data = ArrayUtils.addAll(first, second);
- log.debug("ExcludedByteRange [" + from + "-" + to + "], Content length: " + data.length);
- return data;
- }
-
- private void setAlgorithmIDs(X509Certificate signingCertificate, boolean useStrongHash) throws NoSuchAlgorithmException {
- AlgorithmMethodFactory amf = new AlgorithmMethodFactoryImpl(signingCertificate, useStrongHash);
- signatureAlgorithmURI = amf.getSignatureAlgorithmURI();
- signatureAlgorithm = amf.getSignatureAlgorithmID();
- if (digestAlgorithm != null) {
- if (AlgorithmID.sha1.equals(digestAlgorithm)) {
- digestAlgorithmURI = DigestMethod.SHA1;
- } else if (AlgorithmID.sha256.equals(digestAlgorithm)) {
- digestAlgorithmURI = DigestMethod.SHA256;
- } else if (AlgorithmID.sha512.equals(digestAlgorithm)) {
- digestAlgorithmURI = DigestMethod.SHA512;
- } else if (AlgorithmID.ripeMd160.equals(digestAlgorithm)) {
- digestAlgorithmURI = DigestMethod.RIPEMD160;
- } else {
- throw new NoSuchAlgorithmException("Algorithm '" + digestAlgorithm + "' not supported.");
- }
- } else {
- digestAlgorithmURI = amf.getDigestAlgorithmURI();
- digestAlgorithm = amf.getDigestAlgorithmID();
- }
- }
-
- public HashDataInput getHashDataInput() {
-
- if (hashDataInput != null) {
- return hashDataInput;
- } else {
- return new CMSHashDataInput(signedDocument, mimeType);
- }
- }
-
-
- public byte[] sign(STAL stal, String keyboxIdentifier) throws CMSException, CMSSignatureException, SLCommandException {
- STALSecurityProvider securityProvider = new STALSecurityProvider(stal, keyboxIdentifier, getHashDataInput(), this.excludedByteRange);
- signedData.setSecurityProvider(securityProvider);
- try {
- signedData.addSignerInfo(signerInfo);
- } catch (NoSuchAlgorithmException e) {
- STALSignatureException stalSignatureException = securityProvider.getStalSignatureException();
- if (stalSignatureException != null) {
- throw new SLCommandException(stalSignatureException.getErrorCode());
- }
- throw new CMSSignatureException(e);
- }
- if (digestValue != null) {
- try {
- signedData.setMessageDigest(digestAlgorithm, digestValue);
- } catch (NoSuchAlgorithmException e) {
- throw new CMSSignatureException(e);
- }
- }
- ContentInfo contentInfo = new ContentInfo(signedData);
- return contentInfo.getEncoded();
- }
-
- protected AlgorithmID getAlgorithmID(String uri) throws URISyntaxException {
- String oid = null;
- URI urn = new URI(uri);
- String scheme = urn.getScheme();
- if ("URN".equalsIgnoreCase(scheme)) {
- String schemeSpecificPart = urn.getSchemeSpecificPart().toLowerCase();
- if (schemeSpecificPart.startsWith("oid:")) {
- oid = schemeSpecificPart.substring(4, schemeSpecificPart.length());
-}
- }
- return new AlgorithmID(new ObjectID(oid));
- }
-}
-
-
+/*
+ * Copyright 2013 by Graz University of Technology, Austria
+ * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint
+ * initiative of the Federal Chancellery Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egiz.bku.slcommands.impl.cms;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.security.InvalidParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+
+import javax.xml.crypto.dsig.DigestMethod;
+
+import org.apache.commons.lang.ArrayUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3._2000._09.xmldsig_.DigestMethodType;
+
+import at.buergerkarte.namespaces.securitylayer._1_2_3.CMSDataObjectOptionalMetaType;
+import at.buergerkarte.namespaces.securitylayer._1_2_3.CMSDataObjectRequiredMetaType;
+import at.buergerkarte.namespaces.securitylayer._1_2_3.DigestAndRefType;
+import at.buergerkarte.namespaces.securitylayer._1_2_3.ExcludedByteRangeType;
+import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactory;
+import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactoryImpl;
+import at.gv.egiz.bku.slcommands.impl.xsect.STALSignatureException;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
+import at.gv.egiz.stal.HashDataInput;
+import at.gv.egiz.stal.STAL;
+import iaik.asn1.ASN1Object;
+import iaik.asn1.CodingException;
+import iaik.asn1.ObjectID;
+import iaik.asn1.SEQUENCE;
+import iaik.asn1.UTF8String;
+import iaik.asn1.structures.AlgorithmID;
+import iaik.asn1.structures.Attribute;
+import iaik.asn1.structures.ChoiceOfTime;
+import iaik.cms.CMSException;
+import iaik.cms.CMSSignatureException;
+import iaik.cms.CertificateIdentifier;
+import iaik.cms.ContentInfo;
+import iaik.cms.IssuerAndSerialNumber;
+import iaik.cms.SignedData;
+import iaik.cms.SignerInfo;
+import iaik.smime.ess.ESSCertID;
+import iaik.smime.ess.ESSCertIDv2;
+import iaik.x509.X509ExtensionException;
+
+/**
+ * This class represents a CMS-Signature as to be created by the
+ * security layer command <code>CreateCMSSignatureRequest</code>.
+ *
+ * @author tkellner
+ */
+public class Signature {
+
+ public final static String ID_AA_ETS_MIMETYPE = "0.4.0.1733.2.1";
+
+ /**
+ * Logging facility.
+ */
+ private final Logger log = LoggerFactory.getLogger(Signature.class);
+
+ protected SignedData signedData;
+ protected SignerInfo signerInfo;
+ protected byte[] signedDocument;
+ protected String mimeType;
+ protected AlgorithmID signatureAlgorithm;
+ protected AlgorithmID digestAlgorithm;
+ protected byte[] digestValue;
+ protected String signatureAlgorithmURI;
+ protected String digestAlgorithmURI;
+ protected ExcludedByteRangeType excludedByteRange;
+ private HashDataInput hashDataInput;
+
+
+public Signature(CMSDataObjectOptionalMetaType dataObject, String structure,
+ X509Certificate signingCertificate, Date signingTime, URLDereferencer urlDereferencer,
+ boolean useStrongHash)
+ throws NoSuchAlgorithmException, CertificateEncodingException,
+ CertificateException, X509ExtensionException, InvalidParameterException,
+ CodingException, SLCommandException, IOException, CMSException {
+ int mode = structure.equalsIgnoreCase("enveloping") ? SignedData.IMPLICIT : SignedData.EXPLICIT;
+ if (dataObject.getContent() != null) {
+ byte[] dataToBeSigned = getContent(dataObject, urlDereferencer);
+ this.signedData = new SignedData(dataToBeSigned, mode);
+ if (dataObject.getMetaInfo() != null) {
+ this.mimeType = dataObject.getMetaInfo().getMimeType();
+ }
+
+ hashDataInput = new CMSHashDataInput(signedDocument, mimeType);
+
+ } else {
+ DigestAndRefType digestAndRef = dataObject.getDigestAndRef();
+ DigestMethodType digestMethod = digestAndRef.getDigestMethod();
+
+ hashDataInput = new ReferencedHashDataInput(dataObject.getMetaInfo().getMimeType(), urlDereferencer,
+ digestAndRef.getReference(), dataObject.getExcludedByteRange());
+
+ try {
+ digestAlgorithm = getAlgorithmID(digestMethod.getAlgorithm());
+ } catch (URISyntaxException e) {
+ //TODO: choose proper execption
+ throw new NoSuchAlgorithmException(e);
+ }
+ digestValue = digestAndRef.getDigestValue();
+ this.signedData = new SignedData(ObjectID.pkcs7_data);
+ }
+ setAlgorithmIDs(signingCertificate, useStrongHash);
+ createSignerInfo(signingCertificate);
+ setSignerCertificate(signingCertificate);
+ this.mimeType = dataObject.getMetaInfo().getMimeType();
+
+ setAttributes(this.mimeType, signingCertificate, signingTime);
+ }
+
+ public Signature(CMSDataObjectRequiredMetaType dataObject, String structure,
+ X509Certificate signingCertificate, URLDereferencer urlDereferencer,
+ boolean useStrongHash)
+ throws NoSuchAlgorithmException, CertificateEncodingException,
+ CertificateException, X509ExtensionException, InvalidParameterException,
+ CodingException, SLCommandException, IOException {
+ byte[] dataToBeSigned = getContent(dataObject, urlDereferencer);
+ int mode = structure.equalsIgnoreCase("enveloping") ? SignedData.IMPLICIT : SignedData.EXPLICIT;
+ this.signedData = new SignedData(dataToBeSigned, mode);
+ setAlgorithmIDs(signingCertificate, useStrongHash);
+ createSignerInfo(signingCertificate);
+ setSignerCertificate(signingCertificate);
+
+
+ setAttributes(signingCertificate);
+ }
+
+
+
+ private void createSignerInfo(X509Certificate signingCertificate) throws CertificateEncodingException, CertificateException {
+ iaik.x509.X509Certificate sigcert =
+ new iaik.x509.X509Certificate(signingCertificate.getEncoded());
+ CertificateIdentifier signerIdentifier =
+ new IssuerAndSerialNumber(sigcert);
+ PrivateKey privateKey = new STALPrivateKey(signatureAlgorithmURI, digestAlgorithmURI);
+ signerInfo = new SignerInfo(signerIdentifier, digestAlgorithm,
+ signatureAlgorithm, privateKey);
+ }
+
+ private void setSignerCertificate(X509Certificate signingCertificate) {
+ X509Certificate[] sigcerts = new X509Certificate[] { signingCertificate };
+ signedData.addCertificates(sigcerts);
+ }
+
+ private void setAttributes(String mimeType, X509Certificate signingCertificate, Date signingTime) throws CertificateException, NoSuchAlgorithmException, CodingException {
+ List<Attribute> attributes = new ArrayList<Attribute>();
+ setMimeTypeAttrib(attributes, mimeType);
+ setContentTypeAttrib(attributes);
+ setSigningCertificateAttrib(attributes, signingCertificate);
+ if (signingTime != null)
+ setSigningTimeAttrib(attributes, signingTime);
+ Attribute[] attributeArray = attributes.toArray(new Attribute[attributes.size()]);
+ signerInfo.setSignedAttributes(attributeArray);
+ }
+
+ private void setAttributes(X509Certificate signingCertificate) throws CertificateException, NoSuchAlgorithmException, CodingException {
+ List<Attribute> attributes = new ArrayList<Attribute>();
+ setContentTypeAttrib(attributes);
+ setSigningCertificateAttrib(attributes, signingCertificate);
+ Attribute[] attributeArray = attributes.toArray(new Attribute[attributes.size()]);
+ signerInfo.setSignedAttributes(attributeArray);
+ }
+
+
+
+ private void setMimeTypeAttrib(List<Attribute> attributes, String mimeType) {
+ String oidStr = ID_AA_ETS_MIMETYPE;
+ String name = "mime-type";
+ ObjectID mimeTypeOID = new ObjectID(oidStr, name);
+
+ Attribute mimeTypeAtt = new Attribute(mimeTypeOID, new ASN1Object[] {new UTF8String(mimeType)});
+ attributes.add(mimeTypeAtt);
+ }
+
+ private void setContentTypeAttrib(List<Attribute> attributes) {
+ Attribute contentType = new Attribute(ObjectID.contentType, new ASN1Object[] {ObjectID.cms_data});
+ attributes.add(contentType);
+ }
+
+ private void setSigningCertificateAttrib(List<Attribute> attributes, X509Certificate signingCertificate) throws CertificateException, NoSuchAlgorithmException, CodingException {
+ ObjectID id;
+ ASN1Object value = new SEQUENCE();
+ if (digestAlgorithm.equals(AlgorithmID.sha1)) {
+ id = ObjectID.signingCertificate;
+ value.addComponent(new ESSCertID(signingCertificate, true).toASN1Object());
+ }
+ else {
+ id = ObjectID.signingCertificateV2;
+ value.addComponent(new ESSCertIDv2(digestAlgorithm, signingCertificate, true).toASN1Object());
+ }
+ ASN1Object signingCert = new SEQUENCE();
+ signingCert.addComponent(value);
+ Attribute signingCertificateAttrib = new Attribute(id, new ASN1Object[] {signingCert});
+ attributes.add(signingCertificateAttrib);
+ }
+
+ private void setSigningTimeAttrib(List<Attribute> attributes, Date date) {
+ Attribute signingTime = new Attribute(ObjectID.signingTime, new ASN1Object[] {new ChoiceOfTime(date).toASN1Object()});
+ attributes.add(signingTime);
+ }
+
+ private byte[] getContent(CMSDataObjectOptionalMetaType dataObject, URLDereferencer urlDereferencer)
+ throws InvalidParameterException, SLCommandException, IOException {
+ byte[] data = dataObject.getContent().getBase64Content();
+ if (data == null) {
+ String reference = dataObject.getContent().getReference();
+ if (reference == null)
+ throw new SLCommandException(4003);
+ InputStream is = urlDereferencer.dereference(reference).getStream();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ byte[] buffer = new byte[1024];
+ for (int i = is.read(buffer); i > -1; i = is.read(buffer)) {
+ baos.write(buffer, 0, i);
+ }
+ data = baos.toByteArray();
+ is.close();
+ }
+ this.signedDocument = data.clone();
+
+ this.excludedByteRange = dataObject.getExcludedByteRange();
+ if (this.excludedByteRange == null)
+ return data;
+
+ int from = this.excludedByteRange.getFrom().intValue();
+ int to = this.excludedByteRange.getTo().intValue();
+ if (from > data.length || to > data.length || from > to)
+ throw new InvalidParameterException("ExcludedByteRange contains invalid data: [" +
+ from + "-" + to + "], Content length: " + data.length);
+
+ // Fill ExcludedByteRange with 0s for document to display in viewer
+ Arrays.fill(this.signedDocument, from, to+1, (byte)0);
+
+ // Remove ExcludedByteRange from data to be signed
+ byte[] first = null;
+ byte[] second = null;
+ if (from > 0)
+ first = Arrays.copyOfRange(data, 0, from);
+ if ((to + 1) < data.length)
+ second = Arrays.copyOfRange(data, to + 1, data.length);
+ data = ArrayUtils.addAll(first, second);
+ log.debug("ExcludedByteRange [" + from + "-" + to + "], Content length: " + data.length);
+ return data;
+ }
+
+ protected void setAlgorithmIDs(X509Certificate signingCertificate, boolean useStrongHash) throws NoSuchAlgorithmException {
+ AlgorithmMethodFactory amf = new AlgorithmMethodFactoryImpl(signingCertificate, useStrongHash);
+ signatureAlgorithmURI = amf.getSignatureAlgorithmURI();
+ signatureAlgorithm = amf.getSignatureAlgorithmID();
+ if (digestAlgorithm != null) {
+ if (AlgorithmID.sha1.equals(digestAlgorithm)) {
+ digestAlgorithmURI = DigestMethod.SHA1;
+ } else if (AlgorithmID.sha256.equals(digestAlgorithm)) {
+ digestAlgorithmURI = DigestMethod.SHA256;
+ } else if (AlgorithmID.sha512.equals(digestAlgorithm)) {
+ digestAlgorithmURI = DigestMethod.SHA512;
+ } else if (AlgorithmID.ripeMd160.equals(digestAlgorithm)) {
+ digestAlgorithmURI = DigestMethod.RIPEMD160;
+ } else {
+ throw new NoSuchAlgorithmException("Algorithm '" + digestAlgorithm + "' not supported.");
+ }
+ } else {
+ digestAlgorithmURI = amf.getDigestAlgorithmURI();
+ digestAlgorithm = amf.getDigestAlgorithmID();
+ }
+ }
+
+ public HashDataInput getHashDataInput() {
+
+ if (hashDataInput != null) {
+ return hashDataInput;
+ } else {
+ return new CMSHashDataInput(signedDocument, mimeType);
+ }
+ }
+
+
+ public byte[] sign(STAL stal, String keyboxIdentifier) throws CMSException, CMSSignatureException, SLCommandException {
+ STALSecurityProvider securityProvider = new STALSecurityProvider(stal, keyboxIdentifier, getHashDataInput(), this.excludedByteRange);
+ signedData.setSecurityProvider(securityProvider);
+ try {
+ signedData.addSignerInfo(signerInfo);
+ } catch (NoSuchAlgorithmException e) {
+ STALSignatureException stalSignatureException = securityProvider.getStalSignatureException();
+ if (stalSignatureException != null) {
+ throw new SLCommandException(stalSignatureException.getErrorCode());
+ }
+ throw new CMSSignatureException(e);
+ }
+ if (digestValue != null) {
+ try {
+ signedData.setMessageDigest(digestAlgorithm, digestValue);
+ } catch (NoSuchAlgorithmException e) {
+ throw new CMSSignatureException(e);
+ }
+ }
+ ContentInfo contentInfo = new ContentInfo(signedData);
+ return contentInfo.getEncoded();
+ }
+
+ protected AlgorithmID getAlgorithmID(String uri) throws URISyntaxException {
+ String oid = null;
+ URI urn = new URI(uri);
+ String scheme = urn.getScheme();
+ if ("URN".equalsIgnoreCase(scheme)) {
+ String schemeSpecificPart = urn.getSchemeSpecificPart().toLowerCase();
+ if (schemeSpecificPart.startsWith("oid:")) {
+ oid = schemeSpecificPart.substring(4, schemeSpecificPart.length());
+}
+ }
+ return new AlgorithmID(new ObjectID(oid));
+ }
+}
+
+
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
index 249172e7..60e50d98 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java
@@ -93,65 +93,69 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory {
*/
public AlgorithmMethodFactoryImpl(X509Certificate signingCertificate, boolean useStrongHash)
throws NoSuchAlgorithmException {
+
+ setAlgorithmURIs(signingCertificate, useStrongHash);
+ }
+
+ protected void setAlgorithmURIs(X509Certificate signingCertificate, boolean useStrongHash) throws NoSuchAlgorithmException{
+
+ PublicKey publicKey = signingCertificate.getPublicKey();
+ String algorithm = publicKey.getAlgorithm();
- PublicKey publicKey = signingCertificate.getPublicKey();
- String algorithm = publicKey.getAlgorithm();
-
- if ("DSA".equals(algorithm)) {
- signatureAlgorithmURI = SignatureMethod.DSA_SHA1;
- signatureAlgorithmID = AlgorithmID.dsaWithSHA1;
- } else if ("RSA".equals(algorithm)) {
-
- int keyLength = 0;
- if (publicKey instanceof RSAPublicKey) {
- keyLength = ((RSAPublicKey) publicKey).getModulus().bitLength();
- }
-
- if (useStrongHash && keyLength >= 2048) {
- signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_SHA256;
- signatureAlgorithmID = AlgorithmID.sha256WithRSAEncryption;
- digestAlgorithmURI = DigestMethod.SHA256;
- digestAlgorithmID = AlgorithmID.sha256;
- } else {
- signatureAlgorithmURI = SignatureMethod.RSA_SHA1;
- signatureAlgorithmID = AlgorithmID.sha1WithRSAEncryption;
- }
-
- } else if (("EC".equals(algorithm)) || ("ECDSA".equals(algorithm))) {
-
- int fieldSize = 0;
- if (publicKey instanceof ECPublicKey) {
- ECParameterSpec params = ((ECPublicKey) publicKey).getParams();
- fieldSize = params.getCurve().getField().getFieldSize();
- } else {
- throw new NoSuchAlgorithmException("Public key type not supported.");
- }
+ if ("DSA".equals(algorithm)) {
+ signatureAlgorithmURI = SignatureMethod.DSA_SHA1;
+ signatureAlgorithmID = AlgorithmID.dsaWithSHA1;
+ } else if ("RSA".equals(algorithm)) {
+
+ int keyLength = 0;
+ if (publicKey instanceof RSAPublicKey) {
+ keyLength = ((RSAPublicKey) publicKey).getModulus().bitLength();
+ }
+
+ if (useStrongHash && keyLength >= 2048) {
+ signatureAlgorithmURI = XmldsigMore.SIGNATURE_RSA_SHA256;
+ signatureAlgorithmID = AlgorithmID.sha256WithRSAEncryption;
+ digestAlgorithmURI = DigestMethod.SHA256;
+ digestAlgorithmID = AlgorithmID.sha256;
+ } else {
+ signatureAlgorithmURI = SignatureMethod.RSA_SHA1;
+ signatureAlgorithmID = AlgorithmID.sha1WithRSAEncryption;
+ }
+
+ } else if (("EC".equals(algorithm)) || ("ECDSA".equals(algorithm))) {
+
+ int fieldSize = 0;
+ if (publicKey instanceof ECPublicKey) {
+ ECParameterSpec params = ((ECPublicKey) publicKey).getParams();
+ fieldSize = params.getCurve().getField().getFieldSize();
+ } else {
+ throw new NoSuchAlgorithmException("Public key type not supported.");
+ }
- if (useStrongHash && fieldSize >= 512) {
- signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512;
- signatureAlgorithmID = AlgorithmID.ecdsa_With_SHA512;
- digestAlgorithmURI = DigestMethod.SHA512;
- digestAlgorithmID = AlgorithmID.sha512;
- } else if (useStrongHash && fieldSize >= 256) {
- signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA256;
- signatureAlgorithmID = AlgorithmID.ecdsa_With_SHA256;
- digestAlgorithmURI = DigestMethod.SHA256;
- digestAlgorithmID = AlgorithmID.sha256;
- } else if (useStrongHash) {
- signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_RIPEMD160;
- signatureAlgorithmID = AlgorithmID.ecdsa_plain_With_RIPEMD160;
- digestAlgorithmURI = DigestMethod.RIPEMD160;
- digestAlgorithmID = AlgorithmID.ripeMd160;
- } else {
- signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1;
- signatureAlgorithmID = AlgorithmID.ecdsa_With_SHA1;
- }
-
- } else {
- throw new NoSuchAlgorithmException("Public key algorithm '" + algorithm
- + "' not supported.");
- }
-
+ if (useStrongHash && fieldSize >= 512) {
+ signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512;
+ signatureAlgorithmID = AlgorithmID.ecdsa_With_SHA512;
+ digestAlgorithmURI = DigestMethod.SHA512;
+ digestAlgorithmID = AlgorithmID.sha512;
+ } else if (useStrongHash && fieldSize >= 256) {
+ signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA256;
+ signatureAlgorithmID = AlgorithmID.ecdsa_With_SHA256;
+ digestAlgorithmURI = DigestMethod.SHA256;
+ digestAlgorithmID = AlgorithmID.sha256;
+ } else if (useStrongHash) {
+ signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_RIPEMD160;
+ signatureAlgorithmID = AlgorithmID.ecdsa_plain_With_RIPEMD160;
+ digestAlgorithmURI = DigestMethod.RIPEMD160;
+ digestAlgorithmID = AlgorithmID.ripeMd160;
+ } else {
+ signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA1;
+ signatureAlgorithmID = AlgorithmID.ecdsa_With_SHA1;
+ }
+
+ } else {
+ throw new NoSuchAlgorithmException("Public key algorithm '" + algorithm
+ + "' not supported.");
+ }
}
/*